When fuzzing irssi --config @@ (where @@ represents some config file) with afl, I found a config file that causes a segfault.
The following config file is the minimized config file that afl-tmin finds.
The following is the segfault coredump backtrace from gdb.
#0 0x00007f98ec9c5903 in g_slist_last () from /usr/lib/libglib-2.0.so.0
#1 0x00007f98ec9c594f in g_slist_append () from /usr/lib/libglib-2.0.so.0
#2 0x00000000006407f5 in config_node_set_str (rec=0xe1e7d0, parent=0xe1fd50, key=0x6681a0 "type", value=0xe278a0 "IRC") at set.c:119
#3 0x00000000005cb4d0 in chatnet_read (node=0xe1fd50) at chatnets.c:146
#4 read_chatnets () at chatnets.c:174
#5 0x0000000000621c42 in signal_emit_real (rec=rec@entry=0xe20790, params=params@entry=0, va=va@entry=0x7ffcdeece208, first_hook=<optimized out>) at signals.c:242
#6 0x0000000000623fce in signal_emit (signal=signal@entry=0x66a198 "irssi init read settings", params=params@entry=0) at signals.c:286
#7 0x00000000004cd32e in fe_common_core_finish_init () at fe-common-core.c:426
#8 0x00000000004179fd in textui_finish_init () at irssi.c:197
#9 main (argc=<optimized out>, argv=<optimized out>) at irssi.c:314
The bug appears to be a duplicate of this bug, but I am reporting here, since that website seems obsolete.
I was fuzzing fb78787.
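As an added example that is not part of the original report, of irssi, or of afl: a shell script for the reproduce-and-triage steps the report describes (afl-fuzz with `@@`, afl-tmin, a batch gdb backtrace), plus a small helper that turns a gdb backtrace into a dedup signature built from the first frames in irssi's own code. The binary path `./irssi`, the `seeds/` and `out/` directories, and the afl crash-file layout are assumptions; the embedded backtrace is the one from the report above.

```shell
#!/bin/sh
# Added example (not from the original report or the irssi project): the
# afl -> afl-tmin -> gdb workflow the report describes, plus a triage helper
# that turns a gdb backtrace into a crash-dedup signature.
#
# Assumptions (hypothetical): an afl-instrumented irssi binary at ./irssi,
# seed config files in ./seeds, afl output directory ./out.

IRSSI_BIN=./irssi          # assumed path to the instrumented binary

# 1. Fuzz: afl substitutes the current test case for @@ on the command line.
#    -m none lifts the memory limit, which glib-based programs easily exceed.
fuzz_irssi() {
    afl-fuzz -i seeds -o out -m none -t 2000 -- "$IRSSI_BIN" --config @@
}

# 2. Shrink one crashing input: $1 = crash file, $2 = minimised output.
minimize_crash() {
    afl-tmin -i "$1" -o "$2" -m none -- "$IRSSI_BIN" --config @@
}

# 3. Reproduce outside afl and capture the backtrace non-interactively.
backtrace_crash() {
    gdb -batch -ex run -ex bt --args "$IRSSI_BIN" --config "$1" 2>&1
}

# 4. Crash signature for dedup: the first three frames that resolve to
#    irssi's own source (frames reported "from /usr/lib/..." belong to
#    glib and are skipped), formatted as function@file:line, joined by '|'.
#    Reads a gdb backtrace on stdin.
crash_signature() {
    grep '^#[0-9]' \
    | grep -v ' from /' \
    | sed -E 's/^#[0-9]+ +(0x[0-9a-f]+ in )?([A-Za-z_][A-Za-z0-9_]*) .* at ([^ ]+:[0-9]+)$/\2@\3/' \
    | head -n 3 \
    | tr '\n' '|' \
    | sed 's/|$//'
}

# Backtrace taken from the report above, embedded so the triage step runs offline.
SAMPLE_BT='#0 0x00007f98ec9c5903 in g_slist_last () from /usr/lib/libglib-2.0.so.0
#1 0x00007f98ec9c594f in g_slist_append () from /usr/lib/libglib-2.0.so.0
#2 0x00000000006407f5 in config_node_set_str (rec=0xe1e7d0, parent=0xe1fd50, key=0x6681a0 "type", value=0xe278a0 "IRC") at set.c:119
#3 0x00000000005cb4d0 in chatnet_read (node=0xe1fd50) at chatnets.c:146
#4 read_chatnets () at chatnets.c:174
#5 0x0000000000621c42 in signal_emit_real (rec=rec@entry=0xe20790, params=params@entry=0, va=va@entry=0x7ffcdeece208, first_hook=<optimized out>) at signals.c:242'

# Full pipeline for one crash found by afl (run by hand; needs the tools above,
# and the crashes directory depends on the afl version in use):
#   minimize_crash out/crashes/id:000000* min.conf
#   backtrace_crash min.conf | crash_signature
printf '%s\n' "$SAMPLE_BT" | crash_signature
```

The signature deliberately stops at the first frames inside irssi rather than at frame #0: `g_slist_last` is where the corrupted list pointer is dereferenced, but every crash through `g_slist_append` would collapse into one bucket if library frames were used, while `config_node_set_str@set.c:119` separates this path from other callers of the same glib function.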